From owner-freebsd-apache@FreeBSD.ORG Mon Feb 1 11:06:15 2010 Return-Path: Delivered-To: apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E0EB106566B for ; Mon, 1 Feb 2010 11:06:15 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4C58D8FC14 for ; Mon, 1 Feb 2010 11:06:15 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o11B6FO3062200 for ; Mon, 1 Feb 2010 11:06:15 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o11B6Eqo062198 for apache@FreeBSD.org; Mon, 1 Feb 2010 11:06:14 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 1 Feb 2010 11:06:14 GMT Message-Id: <201002011106.o11B6Eqo062198@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: apache@FreeBSD.org Cc: Subject: Current problem reports assigned to apache@FreeBSD.org X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2010 11:06:15 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se a ports/134577 apache www/apache22: build faild with mod_auth_digest o ports/130479 apache www/apache20 and www/apache22 configure_args busted o ports/128078 apache www/apache20 -- LDAP support is broken o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT f ports/121134 apache www/mod_log_sql2-dtc scoreboard problem o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr o ports/118003 apache www/apache22: with PgSQL option require only libpq.so. p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g a ports/96953 apache www/apache22 port uses its own directories a ports/83644 apache www/apache20 add support for ndbm 14 problems total. From owner-freebsd-apache@FreeBSD.ORG Wed Feb 3 21:34:16 2010 Return-Path: Delivered-To: apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5333D106566C for ; Wed, 3 Feb 2010 21:34:16 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from EXHUB015-4.exch015.msoutlookonline.net (exhub015-4.exch015.msoutlookonline.net [207.5.72.96]) by mx1.freebsd.org (Postfix) with ESMTP id 41D038FC16 for ; Wed, 3 Feb 2010 21:34:16 +0000 (UTC) Received: from [172.28.1.203] (174.79.184.239) by smtpx15.msoutlookonline.net (207.5.72.103) with Microsoft SMTP Server (TLS) id 8.2.176.0; Wed, 3 Feb 2010 13:34:15 -0800 Message-ID: <4B69EBD2.2060207@p6m7g8.com> Date: Wed, 3 Feb 2010 16:34:10 -0500 From: "Philip M. Gollucci" Organization: P6 Web Applications User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.7) Gecko/20100111 Lightning/1.0b1 Thunderbird/3.0.1 MIME-Version: 1.0 To: apache@FreeBSD.org Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 8bit Cc: Subject: Fwd: Apache HTTP Server 1.3.42 released (final release of 1.3.x) X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 21:34:16 -0000 -------- Original Message -------- Subject: Apache HTTP Server 1.3.42 released (final release of 1.3.x) Date: Wed, 3 Feb 2010 00:03:34 +0000 From: Colm MacCarthaigh To: announce@apache.org, announce@httpd.apache.org Apache HTTP Server 1.3.42 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server ("Apache"). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status. There will be no more full releases of Apache HTTP Server 1.3. However, critical security updates may be made available from the following website: http://www.apache.org/dist/httpd/patches/ Our thanks go to everyone who has helped make Apache HTTP Server 1.3 the most successful, and most used, webserver software on the planet! This Announcement notes the significant changes in 1.3.42 as compared to 1.3.41. This version of Apache is is principally a bug and security fix release. The following moderate security flaw has been addressed: * CVE-2010-0010 (cve.mitre.org) mod_proxy: Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. Please see the CHANGES_1.3.42 file in this directory for a full list of changes for this version. Apache 1.3.42 is the final stable release of the Apache 1.3 family. We strongly recommend that users of all earlier versions, including 1.3 family releases, upgrade to to the current 2.2 version as soon as possible. For information about how to upgrade, please see the documentation: http://httpd.apache.org/docs/2.2/upgrading.html Apache 1.3.42 is available for download from http://httpd.apache.org/download.cgi This service utilizes the network of mirrors listed at: http://www.apache.org/mirrors/ Binary distributions may be available for your specific platform from http://www.apache.org/dist/httpd/binaries/ Binaries distributed by the Apache HTTP Server Project are provided as a courtesy by individual project contributors. The project makes no commitment to release the Apache HTTP Server in binary form for any particular platform, nor on any particular schedule. IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS variants. While the ports to non-Unix platforms (such as Win32, Netware or OS2) will function for some applications, Apache 1.3 is not designed for these platforms. Apache 2 was designed from the ground up for security, stability, or performance issues across all modern operating systems. Users of any non-Unix ports are strongly cautioned to move to Apache 2. The Apache project no longer distributes non-Unix platform binaries from the main download pages for Apache 1.3. If absolutely necessary, a binary may be available at http://archive.apache.org/dist/httpd/. Apache 1.3.42 Major changes Security vulnerabilities The main security vulnerabilities addressed in 1.3.42 are: *) SECURITY: CVE-2010-0010 (cve.mitre.org) mod_proxy: Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. Bugfixes addressed in 1.3.42 are: *) Protect logresolve from mismanaged DNS records that return blank/null hostnames. -- Colm MacCárthaigh